Administration Guide

Secrets

The user name and password or key for a server can be securely stored in FortiPAM as a secret. A secret contains login information, credentials, and the target server IP address. End users use the secret to access servers.

In FortiPAM, the actual credentials are protected, and FortiPAM users cannot access them except in some cases, as described below. Login credentials can be changed automatically or manually for different use cases.

Domain controller user names and passwords can be securely stored in FortiPAM secrets.

Website user names and passwords can be securely stored in FortiPAM.

FortiPAM works with FortiClient and the browser extension to automatically fill the user name and password when the user browses a website.

Users with the following permissions can view secret passwords on the GUI:

  • Owner of the secret

  • Editor of the secret

A viewer of the secret cannot see the secret password on the GUI.

Components:

  • Servers: the servers that end users need to access.

  • FortiClient: supports privileged activity recording and ZTNA tunnel setup in proxy mode.

  • FortiPAM: acts as a back-to-back user agent to access the target website in proxy mode.

FortiPAM supports launching sessions to servers from either a client or a browser.

FortiPAM supports the following servers and credentials:

  • SSH server: Password mode and Key mode

  • RDP server

  • macOS VNC server

  • Linux VNC server

  • Integrated with Windows AD by Samba or LDAPS

  • Web account credentials

In addition to launching secrets in client mode, FortiPAM supports browser mode, where no client software is required.

The following client and browser modes are supported by FortiPAM:

  • Client mode: PuTTY, Windows Remote Desktop, RealVNC, TightVNC, WinSCP, etc.

  • Browser mode: Web SSH, Web RDP, Web VNC, Web SMB, Web SFTP, and Web Account.

In Secrets, you can access the following tabs:
